Jailbreaking is a form of privilege escalation,[1][2] and the term has been used to describe privilege escalation on devices by other manufacturers as well.[3][4] The name refers to breaking the device out of its "jail",[5] which is a technical term used in Unix-style systems, for example in the term "FreeBSD jail". A jailbroken iPhone, iPod touch, or iPad running iOS can still use the App Store, iTunes, and other normal functions, such as making telephone calls.

The description of any iOS update (whether it be an over-the-air update, or via iTunes) will never contain jailbreak-related information, such as the number of exploits utilized by a jailbreak tool that were used to achieve an "untethered" jailbreak on the previous firmware. Restoring a device with iTunes removes the jailbreak.[6][7][8]

One of the reasons for jailbreaking is to expand the feature set limited by Apple and its App Store.[9][dubious– discuss] Apple checks apps for compliance with its iOS Developer Program License Agreement before accepting them for distribution in the App Store.[10] However, their reasons for banning apps are not limited to safety and security and may be regarded as arbitrary and capricious.[11] To access banned apps,[12] users rely on jailbreaking to circumvent Apple's censorship of content and features. Jailbreaking permits the downloading of programs not approved by Apple,[13] such as customization apps used to change the user Interface.

Since software programs available through Cydia are not required to adhere to App Store guidelines, many of them are not typical self-contained apps but instead are extensions and customizations for iOS and other apps.[14] Users install these programs for purposes including personalization and customization of the interface,[14] adding desired features and fixing annoyances,[15] and making development work on the device easier by providing access to the filesystem and command-line tools.[16][17]

Many Chinese iOS device owners also jailbreak their phones to install third-party Chinese character input systems because they are easier to use than Apple's.[18]

Jailbreaking also opens the possibility for using software to unofficially unlock carrier-locked iPhones so they can be used with other carriers.[19] Software-based unlocks have been available since September 2007,[20] with each tool applying to a specific iPhone model and baseband version (or multiple models and versions).[21]

On July 15, 2011, Apple released a new version of iOS that closed the exploit used in JailbreakMe 3.0. The German Federal Office for Information Security had reported that the "critical weakness" uncovered by JailbreakMe meant that iOS users could potentially have their information stolen or unwillingly download malware by clicking on maliciously crafted PDF files.[22] Before Apple released a fix for this security hole, jailbreak users had access to a fix published by the developer of JailbreakMe.

The first iPhoneworm, iKee, appeared in early November 2009, created by a 21-year-old Australian student in the town of Wollongong. He told Australian media that he created the worm to raise awareness of security issues: jailbreaking allows users to install an SSH service, which those users can leave in the default unsecure state.[23] In the same month, F-Secure reported on a new malicious worm compromising bank transactions from jailbroken phones in the Netherlands, similarly affecting devices where the owner had installed SSH without changing the default password.[24][25]

A Forbes staff analyzed UCSB study on 1407 free programs available from a third party source and Apple. Of the 1,407 free apps investigated in the cited study, 825 were downloaded from Apple’s App Store using the website App Tracker, and 526 from BigBoss (Cydia's default repository). 21% of official apps tested leaked device ID and 4% leaked location. Unofficial apps leaked 4% and 0.2% respectively. 0.2% of apps from Cydia leaked photos and browsing history, while the Apple store leaked none. He commented that unauthorized apps tend to respect privacy better than official ones.[26] Also, there is a program called PrivaCy that allows user to control the upload of usage statistics to remote servers.[26]

Installing software published outside the App Store has the potential to affect battery life and system stability if the software is poorly optimized or frequently uses resource-draining services (such as 3G or Wi-Fi).[27][28][29]

Jailbreaking of iOS devices is sometimes compared to "rooting" of Android devices. Although the two concepts both involve privilege escalation, they differ substantially in scope. Android devices, with few exceptions, do not natively implement strong technical security measures to prevent users from modifying or replacing the operating system; enabling installation of apps that have not been reviewed or authorized by a central authority such as Google—known as "sideloading"—is a simple user preference;.[30]

In marked contrast, iOS is engineered with strong security measures (including a "locked bootloader") intended to prevent users from modifying the operating system or installing apps that are not authorized by Apple, and to prevent user-installed apps from gaining root privileges; jailbreaking an iOS device to defeat all of these security measures presents a significant technical challenge. Jailbreaking also violates Apple's end-user license agreement for iOS.[31]

Apple has released various updates to iOS that patch exploits used by jailbreak utilities; this includes a patch released in iOS 6.1.3 to software exploits used by the original evasi0n iOS 6–6.1.2 jailbreak, and again in iOS 7.1 patching the Evasi0n 7 jailbreak for iOS 7–7.0.6-7.1 beta 3. Bootrom exploits (exploits found in the hardware of the device) cannot be patched by Apple by system updates, but could be fixed in hardware revisions such as new chips or new hardware in its entirety.

Jailbreaking is something that is legal in the United Kingdom but may not be in other countries, so its legal status is affected by laws regarding circumvention of digital locks, such as laws protecting digital rights management (DRM) mechanisms. Many countries do not have such laws, and some countries have laws including exceptions for jailbreaking.

International treaties have influenced the development of laws affecting jailbreaking. The 1996 World Intellectual Property Organization (WIPO) Copyright Treaty requires nations party to the treaties to enact laws against DRM circumvention. The American implementation is the Digital Millennium Copyright Act (DMCA), which includes a process for establishing exemptions for non-copyright-infringing purposes such as jailbreaking. The 2001 European Copyright Directive implemented the treaty in Europe, requiring member states of the European Union to implement legal protections for technological protection measures. The Copyright Directive includes exceptions to allow breaking those measures for non-copyright-infringing purposes, such as jailbreaking to run alternative software,[32] but member states vary on the implementation of the directive.

In November 2012, Canada amended its Copyright Act with new provisions prohibiting tampering with digital locks, with exceptions including software interoperability.[34] Jailbreaking a device to run alternative software is a form of circumventing digital locks for the purpose of software interoperability.

There had been several efforts from 2008-2011 to amend the Copyright Act (Bill C-60, Bill C-61, and Bill C-32) to prohibit tampering with digital locks, along with initial proposals for C-11 that were more restrictive,[35] but those bills were set aside. In 2011, Michael Geist, a Canadian copyright scholar, cited iPhone jailbreaking as a non-copyright-related activity that overly-broad Copyright Act amendments could prohibit.[36]

India's copyright law permits circumventing DRM for non-copyright-infringing purposes.[37][38] Parliament introduced a bill including this DRM provision in 2010 and passed it in 2012 as Copyright (Amendment) Bill 2012.[39] India is not a signatory to the WIPO Copyright Treaty that requires laws against DRM circumvention, but being listed on the US Special 301 Report "Priority Watch List" applied pressure to develop stricter copyright laws in line with the WIPO treaty.[37][38]

The law Copyright and Related Rights Regulations 2003 makes circumventing DRM protection measures legal for the purpose of interoperability but not copyright infringement. Jailbreaking may be a form of circumvention covered by that law, but this has not been tested in court.[32][41] Competition laws may also be relevant.[42]

“Apple’s goal has always been to ensure that our customers have a great experience with their iPhone and we know that jailbreaking can severely degrade the experience. As we’ve said before, the vast majority of customers do not jailbreak their iPhones as this can violate the warranty and can cause the iPhone to become unstable and not work reliably.”

The Digital Millennium Copyright Act says "no person shall circumvent a technological measure that effectively controls access to a work protected under" the Digital Millennium Copyright Act, which may apply to jailbreaking;[44] there is an exemption from this law only for jailbreaking mobile phones "at least through 2015."[45] Note that the exemption is for jailbreaking only, not unlocking (recent phones), and that Apple has announced that jailbreaking "can violate the warranty".[43] However, in the United States, Apple cannot void an iPhone's warranty unless it can show that a problem or component failure is linked to the installation or placement of after-market item such as unauthorized applications, because of the Federal Trade Commission's Magnuson-Moss Warranty Act of 1975[46][47][48]

In 2010, in response to a request by the Electronic Frontier Foundation, the U.S. Copyright Office explicitly recognized an exemption to the DMCA to permit jailbreaking in order to allow iPhone owners to use their phones with applications that are not available from Apple's store, and to unlock their iPhones for use with unapproved carriers.[49][50]Apple had previously filed comments opposing this exemption and indicated that it had considered jailbreaking to be a violation of copyright (and by implication prosecutable under the DMCA). Apple's request to define copyright law to include jailbreaking as a violation was denied as part of the 2009 DMCA rulemaking. In their ruling, the Library of Congress affirmed on July 26, 2010 that jailbreaking is exempt from DMCA rules with respect to circumventing digital locks. DMCA exemptions must be reviewed and renewed every three years or else they expire.

On October 28, 2012, the US Copyright Office updated their exemption policies. The jailbreaking of smartphones continues to be legal "where circumvention is accomplished for the sole purpose of enabling interoperability of [lawfully obtained software] applications with computer programs on the telephone handset." However, the U.S. Copyright office refused to extend this exemption to tablets, such as iPads, arguing that the term "tablets" is broad and ill-defined, and an exemption to this class of devices could have unintended side effects.[51][52][53] The Copyright Office also renewed the 2010 exemption for unofficially unlocking phones to use them on unapproved carriers, but restricted this exemption to phones purchased before January 26, 2013.[52]

Tim Wu, a professor at Columbia Law School, argued in 2007 that jailbreaking "Apple's superphone is legal, ethical, and just plain fun."[54] Wu cited an explicit exemption issued by the Library of Congress in 2006 for personal unlocking, which notes that locks "are used by wireless carriers to limit the ability of subscribers to switch to other carriers, a business decision that has nothing whatsoever to do with the interests protected by copyright" and thus do not implicate the DMCA.[55] Wu did not claim that this exemption applies to those who help others unlock a device or "traffic" in software to do so.[54] In 2010 and 2012, the U.S. Copyright Office approved exemptions to the DMCA that allow iPhone users to jailbreak their devices legally.[56] It is still possible Apple may employ technical countermeasures to prevent jailbreaking or prevent jailbroken phones from functioning, but it will not be able to sue users who jailbreak.[57] It is also unclear whether it is legal to traffic in the tools used to make jailbreaking easy.[57]

When a device is booting, it loads Apple's own kernel initially. The device must then be exploited and have the kernel patched each time it is turned on.

An "untethered" jailbreak has the property that if the user turns the device off and back on, the device will start up completely, and the kernel will be patched without the help of a computer – thus enabling the user to boot without the need to use a computer.[60] These jailbreaks are harder to make and take a lot of reverse engineering and years of experience.

With a "tethered" jailbreak, a computer is needed to turn the device on each time it is rebooted. If the device starts back up on its own, it will no longer have a patched kernel, and it may get stuck in a partially started state. By using a computer, the phone is essentially "re-jailbroken" (using the "boot tethered" feature of a jailbreaking tool) each time it is turned on.[61] With a tethered jailbreak, you can still restart SpringBoard ("respring") on the device without needing to reboot.

There is also "semi-tethered" solution, which means that when the device boots, it will no longer have a patched kernel (so it will not be able to run modified code), but it will still be usable for normal functions such as making phone calls, or texting.[62] To use any features that require running modified code, the user must start the device with the help of the jailbreaking tool in order for it to start with a patched kernel (jailbroken).

Parts of this article (those related to History of iOS jailbreaking tools) are outdated. Please update this article to reflect recent events or newly available information.(November 2013)

A few days after the original iPhone became available in July 2007, developers released the first jailbreaking tool for it,[63] and soon a jailbreak-only game app became available.[64] In October 2007, JailbreakMe 1.0 (also called "AppSnapp") allowed people to jailbreak iPhone OS 1.1.1 on both the iPhone and iPod touch,[65][66] and it included Installer.app as a way to get software for the jailbroken device. In February 2008, Zibri released ZiPhone, a tool for jailbreaking iPhone OS 1.1.3 and iPhone OS 1.1.4.[67]

The iPhone Dev Team (not affiliated with Apple) has released a series of free desktop-based jailbreaking tools. It released a version of PwnageTool in July 2008 to jailbreak the then new iPhone 3G on iPhone OS 2.0 as well as the iPod touch,[68][69] newly including Cydia as the primary third-party installer for jailbroken software[70] (PwnageTool continues to be updated for untethered jailbreaks of newer iOS versions).[71][72] The iPhone Dev Team released QuickPWN to jailbreak iOS 2.2 on iPhone and iPod touch, also including options to enable functionality that was possible but disabled by Apple on certain devices.[73] After Apple released iOS 3.0, the Dev Team published redsn0w as a simple jailbreaking tool usable on Mac and Windows, and also updated PwnageTool (now primarily intended for expert users making custom firmware, and only for Mac).[74] It continues to maintain redsn0w for jailbreaking most versions of iOS 4 and iOS 5 on most devices.[75] As of December 2011, redsn0w includes the "Corona" untether by pod2g for iOS 5.0.1 for iPhone 3GS, iPhone 4, iPad 1, and iPod touch 3rd and 4th generation.[72] As of June 2012, redsn0w also includes the "Rocky Racoon" untether by pod2g for iOS 5.1.1 on all iPhone, iPad, and iPod touch models that support iOS 5.1.1.[76]

George Hotz, who developed the first iPhone unlock, released a jailbreaking tool for the iPhone 3GS on iPhone OS 3.0 called purplera1n,[77] and blackra1n for iPhone OS version 3.1.2 on the 3rd generation iPod touch and other devices.[78] In October 2010, he released limera1n, a low-level boot ROM exploit that permanently works to jailbreak the iPhone 4 and is used as part of tools including redsn0w.[79]

Nicholas Allegra (better known as "comex") released a program called Spirit in May 2010. Spirit jailbreak for devices including iPad (which was just released) and then new iPhones running iPhone OS 3.1.2, 3.1.3, and iPad running 3.2[80] In August 2010, comex released JailbreakMe 2.0, a web-based tool that was the first to jailbreak the iPhone 4 (on iOS 4.0.1).[81][82] In July 2011, he released JailbreakMe 3.0,[83] a web-based tool for jailbreaking all devices on certain versions of iOS 4.3, including the iPad 2 for the first time (on iOS 4.3.3).[84] JailbreakMe 3.0 uses a flaw in PDF file rendering in mobile Safari.[85][86]

Chronic Dev Team initially released greenpois0n in October 2010, a desktop-based tool for jailbreaking iOS 4.1[87] and later iOS 4.2.1[88] on most devices including the Apple TV,[89] as well as iOS 4.2.6 on CDMA (Verizon) iPhones.[90]

The iPhone Dev Team, Chronic Dev Team, and pod2g collaborated to release Absinthe in January 2012, a desktop-based tool to jailbreak the iPhone 4S for the first time and the iPad 2 for the second time, on iOS 5.0.1 for both devices and also iOS 5.0 for iPhone 4S.[60][61][91][92] In May 2012 it released Absinthe 2.0, which can jailbreak iOS 5.1.1 untethered on all iPhone, iPad, and iPod touch models that support iOS 5.1.1, including jailbreaking the third-generation iPad for the first time.[93] The hackers together called the evad3rs released an iOS 6.X jailbreak tool called evasi0n. The expected release was on Sunday, February 3, 2013, though it was actually released on Monday, February 4, 2013 at noon Eastern Standard Time. The site initially gave anticipating users download errors as there was a high volume of interest in the download for the jailbreak utility, which is available for Linux, OS X, and Windows. When Apple upgraded its software to iOS 6.1.3 it permanently patched out the evasi0n jailbreak. Apple has now upgraded its software to iOS 6.1.4.[94] which is only available for the iPhone 5. On April 2013, the latest versions of Sn0wbreeze was released, which added the support for tethered jailbreaking on A4 devices (i.e. devices not newer than the iPhone 4, iPad 1, or iPod touch 4).[95][96][97]

On December 22, 2013, the evad3rs released a new version of evasi0n that supports jailbreaking iOS 7.0.x, known as evasi0n7.

After the release of evasi0n7, winocm, ih8sn0w and SquiffyPwn released p0sixspwn on December 30, 2013 for untethering devices on iOS 6.1.3 - 6.1.5. Initially, it was necessary to jailbreak tethered using redsn0w and install p0sixpwn at Cydia. A few days later, on January 4, 2014, the same team released a version of p0sixpwn for jailbreaking using a computer.

iOS 7.1 patched the exploits used by evasi0n7, and on June 23, 2014, Pangu, a Chinese untethered jailbreak was released for iOS 7.1.

On October 22, 2014, Pangu Team released Pangu8 to jailbreak all devices running iOS 8-8.1. The first versions did not bundle Cydia, nor was there an iOS 8 compatible version of Cydia at the time.

November 29, 2014, was the day TaiG team released their version of jailbreak tool, available to devices running iOS 8.0-8.1.1. And, on December 10, 2014, their app was updated to include support for iOS 8.1.2.[98]